OFFICIAL SECURITY BLOG

We’ve moved! You can now read the latest and greatest on Mac adware and malware at Malwarebytes.

Has MacUpdate fallen to the adware plague?

Published November 2nd, 2015 at 1:17 PM EDT , modified November 2nd, 2015 at 1:17 PM EDT

It seems that MacUpdate, long considered to be one of the only remaining trustworthy download aggregation sites for the Mac, has succumbed to the same plague that has ruined most of the others: adware.

Read the full story on Malwarebytes Unpacked

23 Comments

  • Geoff Heys says:

    Just downloaded the latest Skype installer from MacUpdate (as described in the linked story) and nothing seems awry.

    Perhaps some follow up on how this happened is required.

    Personally, I’ll continue to trust MacUpdate until more definitive proof has been provided.

    • Thomas says:

      It appears the folks at MacUpdate have changed that download. For those who have access to VirusTotal and wish to see the original download, it can be found here:

      https://www.virustotal.com/en/file/068a23f8c9bfd98d3169dedc0e87cff8a3e53c08b1baf0dbfc16c8ad8b656d72/analysis/1446497163/

      For those who don’t, just go take a look at the Firefox download on MacUpdate… it behaves the same way (for the moment).

      https://www.macupdate.com/app/mac/10700/firefox/download

      • Geoff Heys says:

        Downloads the normal Firefox for me.

        • Thomas says:

          The Firefox download still gives me the MacUpdate Installer (when choosing the “Stable Version” from the pop-up that appears when you hover your mouse over the Download button on MacUpdate’s Firefox page).

          If you don’t see that behavior, try one of the other apps mentioned in Steve Dagley’s comment: 1Password, VueScan or BetterTouchTool.

          Note that, even if MacUpdate goes back and reverts all these apps, I still have samples of all of them, and will be happy to provide them to anyone who asks.

        • U.N. Owen says:

          Advice you can CHOOSE – to follow, or ignore.

          You’ve chosen to ignore it.

          If it downloads ‘normal’ for you, and you choose to disregard the provided information – which, aside being from someone who has been/is quite knowledgeable, and has been doing The Safe Mac for quite sometime, who receives NOTHING by giving you said advice, you keep making comments of everything being fine for you.

          Good for you.

          So, what’s your point? DO you even HAVE one, or, is – everything’s ok for you – your point?

          Sooner or later, everyone – no matter what OS, software, etc they have, downloaded, etc, WILL have some sort of problem.

          Some’ll be simple conflict type, or, as is the WHOLE POINT of The Safe Mac, it might be something malicious – intentionally designed to cause potential victims a more serious problem.

          YOU came here – by YOUR choice.

          Your ‘comments’ don’t offer ANYTHING which is either helpful – to others, as well as Mr. Reed (Thomas), OR, make a point where an opposite tact is taken, where you’d explain the benefits of said software, and open a parallel discussion.

          All you do is – repeatedly – say you beat the odds.

          Bully for you.

          This time.

  • Steve Dagley says:

    MacUpdate is definitely targeting specific apps to get the adware installer – 1Password, VueScan, and BetterTouchTool are ones I just encountered. That the Skype install that got the initial attention has been reverted to a clean download while other remain tainted does not speak well for the intentions of the people running MacUpdate.

  • Geoff Heys says:

    Thomas,

    We are obviously not seeing the same MacUpdate.

    Of the four downloads you’ve listed, two are dmg’s and two are zip’s and all contain only app files (i.e.copy to install), no installers.

    I do not work for MacUpdate, I just really want to trust this seemingly last instance of update aggregaters.

    Perhaps you could reach out to the administators for a statement?

  • Grey says:

    Why the **** are you people even having this conversation? Just go to the developer’s website — or the App Store where appropriate or necessary — and get the installer for your application, or application-update.

    • Thomas says:

      Because there are many people who think that MacUpdate is a good place to download software, and the word that it no longer is needs to be spread. Do you have an issue with educating people?

      • Grey says:

        You’re missing my point: It’s not about *educating people* — a lofty and admirable goal — rather about the irrational insistence, by some at least, on the continued use of an untrustable source for software downloads. Does that answer your question?

    • Geoff Heys says:

      MacUpdate continues to be an excellent source of whether almost all software is up-to-date.

      To me, that functionality will be sorely missed if MacUpdate continues down this path.

      Fortunately if it is out of date, it can still be downloaded from the developer. It’s mostly the checking that’s valuable.

      • Thomas says:

        Most apps these days have some kind of mechanism for notifying the user of updates.

        • Geoff Heys says:

          And if one launched every app once a week or so, that would be sufficient.

          For those of us who are app hoarders or consultants supporting others, a resource such as MacUpdate has been invaluable.

      • gskibum says:

        I quit trusting and stopped using MacUpdate years ago. They defended the listing of MacKeeper as well as the practice of Zeobit compensating people to sign up, leave a single review that is positive to MacKeeper, then disappear and never be heard from again. With that I removed MacUpdate from my favorites and visit the site only occasionally – mostly to see the fun & games at the MacKeeper listing.

  • B Woods says:

    Of course, obtaining software from the developer’s site is the best course of action, but how does one learn about software X in the first place or find similar applications? For that, MacUpdate still seems to be a good resource. It is also still a good Mac software site on account of its user reviews. If someone knows a better site for such information, please let us know.

    FTR, I’ve come across a couple of these MU installer packages recently. So far it seems that MU is doing this with some of the more popular applications, but hasn’t yet gotten around to doing it with all listed software.

    • Thomas says:

      The problem is, can you actually trust those reviews? At one point in the past, MacUpdate allowed ZeoBIT to engage in some pretty blatant “astroturfing” (posting of fake reviews). They finally put an end to that in the wake of massive negative feedback, but who knows how many others might be engaging in similar activities on a more subtle level.

      Unfortunately, all online review sites are potentially susceptible to astroturfing, so online reviews should be considered suspect. I’ve even seen what I suspected was astroturfing in the Mac and iOS App Stores. Further, many major periodicals have been known to give good reviews to pretty bad software.

      This leaves us with a regrettable lack of reliable sources for software reviews.

      • B Woods says:

        I understand what you say about little quality control on reviews; however, one gets a feel for legit vs. bogus reviews after reading them for a while, and one you can always check a reviewer’s profile. Also, bogus reviews are often called out by long-time commenters/members. Hence I still find the reviews and comments to be of considerable use.

        Also, as a free member I was able to download the clean, full dmg file for one of the targeted apps (Google Chrome). Then when I logged out and clicked the DL button for it once more, I received the hinky installer package. This was discussed as an update in your article, with respect to paid members, but is evidently the case for free members as well. None the less, I don’t see how this will endear new users (or unsigned in members) to the website, who will likely DL some of these targeted, popular apps and end up with their browser soiled with adware.

        And a general “thanks” to you, Thomas, for the service your provide to Mac users. Really appreciate it.

This post is more than 90 days old and has been locked. No further comments are allowed.